Cyber Resilience

CVE-2013-0431

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 31 January 2013
Modified: 21 April 2026
KEV Added: 25 May 2022
CVSS Score (v3.1): 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.9154 (99.7th percentile)
Risk Priority: 86 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-0431 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in the Oracle JRE. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS 99.7th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-18 (Mobile Code).

Deeper analysis

The vulnerability is an unspecified flaw in the Java Runtime Environment component of Oracle Java SE 7 through Update 11 and OpenJDK 7. It is tracked as Issue 52 and is distinct from CVE-2013-1490. The issue resides in JMX-related code and permits bypass of the Java security sandbox.

User-assisted remote attackers can exploit the flaw over the network to circumvent sandbox restrictions and obtain limited unauthorized access to sensitive information. The CVSS 3.1 score of 5.3 reflects a network attack vector, low attack complexity, no privileges required and no user interaction, with a low confidentiality impact and no integrity or availability impact. No mitigation details or patch guidance are provided in the available references, and no information on observed exploitation is supplied.

EU & UK References

Vulnerability details

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

CWE(s): CWE-693 (Protection Mechanism Failure)
KEV Date Added: 25 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: oracle · Product: jre · Version: 1.7.0
Vendor: oracle · Product: openjdk · Version: 7

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces the Java security sandbox that CVE-2013-0431 bypasses via JMX vectors.

SC-18 Mobile Code (prevent): Restricts usage and implementation of mobile code technologies such as Java applets/JMX that the sandbox bypass targets.

Information flow enforcement (prevent): Enforces information flow rules inside the JRE sandbox that the JMX flaw circumvents to leak data.

References